ODG/P3.1
Government policy on Information and Communications Technology
ICT Policy Statement 3
Cloud Services
PURPOSE
The intent and purpose of this policy is to ensure Public Sector Agencies evaluate cloud services in
every new or reformed ICT sourcing, procurement, or market approach. It also establishes an
expectation that a cloud service should be chosen unless it will not deliver the best value for
money outcome for government – that is, an alternative sourcing option is demonstrably better
value for money in terms of innovation or productivity outcomes – given an equitable evaluation of
business needs, resilience, and risk, as well as compliance with any relevant legislation,
instructions, policies, standards, and rulings.
CONTEXT
Background
In October 2013, Cabinet approved South Australia Connected, Ready for the Future (SA
Connected), the South Australian Government’s Information and Communications Technology
(ICT) strategy. SA Connected sets the strategic direction for the use of ICT in government, and all
agencies are expected to align their decisions and activities with this strategic direction to ensure
government’s use of ICT is strategic, purposeful, and best serves the people of South Australia.
SA Connected sets a clear expectation for agencies to invest in services, rather than buying
hardware and software. Cloud services are ICT capabilities that can be consumed ‘as-a-service’
via a network, without needing to acquire, own and operate dedicated infrastructure, software, and
facilities. This policy makes it clear that cloud services should be the preferred option for agencies.
Authority
This policy is issued under the authority of the Director, Digital Government for the Government of
South Australia.
POLICY STATEMENT
Public Sector Agencies should evaluate one or more cloud services in every new or reformed ICT
sourcing, procurement, or market approach.
Agencies will consider their business needs, resilience, and risk as part of their evaluation.
Agencies remain accountable for the security of their data in any environment.
Following an equitable evaluation, a cloud service should be chosen unless:

it will not deliver the best value for money outcome for government – that is, another sourcing
option is demonstrably better value for money in terms of innovation and productivity outcomes

the cloud services assessed will not adequately meet the government’s obligations under
relevant legislation, instructions, policies, standards, and rulings.
Public Sector Agencies must be prepared to share their experiences in relation to cloud services and
support the continued development of an across-government catalogue of cloud service solutions.
ICT Policy Statement 3
SCOPE
This policy applies to all South Australian Government Public Sector Agencies (as defined in ICT
Policy Statement 1 – Compliant Authorities).
TERMS AND ABBREVIATIONS
Terms
Cloud Services
A cloud service allows users of ICT to access a service through a network
without the need to acquire, own, and operate dedicated infrastructure,
software and facilities.
Further detail can be found in the definition of cloud computing provided by the
United States National Institute of Standards and Technology (NIST). This
includes definitions of:
Public Sector
Agency

essential characteristics of cloud services

service models – e.g. Software as a Service, Platform as a Service, etc.

deployment models – e.g. private cloud, public cloud, hybrid cloud, etc.
An internal to government entity, including administrative units, bodies
corporate, statutory authorities, and instrumentalities of the Crown, as defined
in the Public Sector Act 2009 (SA).
RESPONSIBILITIES
The Office for Digital Government is responsible for maintaining the across-government catalogue
of cloud service solutions. Public Sector Agencies can provide details of their experiences to
[email protected].
Public Sector Agencies will be asked to provide publishable case studies on a case-by-case basis.
EXEMPTIONS
Advice regarding exemptions from this policy is provided in the Government Ruling on Information
and Communication Technology titled ICT Ruling 1 (exemptions).
Government policy on ICT
Cloud Services v1.0
Page 2 of 3
ICT Policy Statement 3
REFERENCES & LINKS

The NIST Definition of Cloud Computing

ICT Policy Statement 1 – Compliant Authorities

ICT Ruling 1 – Exemptions

Information Security Management Framework (ISMF) Guideline 5 – Cloud Computing

ISMF Standard 139 – Security in an outsourced environment (found in the Information Security
Management Framework)

Privacy and Cloud Computing Guidelines

Offsite storage of SA Government data – executive governance

Data Breach Guidelines – Managing the notification of those affected when data is compromised
(available to SA Government personnel only)
Document Control
ID
ODG/P3.1
Version
1.0
Classification/DLM
PUBLIC-I2-A1
Compliance
Mandatory
Original authorisation date
April 2015
Last approval date
Next Review date
April 2017
Licence
With the exception of the Government of South Australia brand, logos and any images, this work is licensed
under a Creative Commons Attribution (CC BY) 4.0 Licence. To attribute this material, cite the Office for Digital
Government, Department of the Premier and Cabinet, Government of South Australia, 2016.